
Global Secrets

Taskurai allows you to securely store sensitive configuration values. Once secrets are defined at the global Taskurai instance level, they are available when deploying workers.

Secrets can also be referenced in container registry passwords.

Please note the following about global secrets:

  • They are defined at the level of the Taskurai instance.
  • They are available for use by all worker instances defined in the Taskurai instance.
  • They can be set without storing the secret value in any configuration file.
  • They can be set by an administrator or another responsible party.

Info: Updating or deleting a secret does not automatically affect existing instances of workers. To update secret configuration, you need to redeploy the affected workers.

Prerequisites

  • Taskurai installation (Taskurai instance, Taskurai CLI, etc.). See Taskurai Setup.

Info: If you are not signed in to Azure yet, you will need to log in using your Azure credentials. You can use one of the following methods:

  1. Azure Tools extension for VS Code
  2. Azure CLI: az login
  3. Azure PowerShell: Connect-AzAccount
  4. If you are not logged in using any of the above methods, an interactive browser login will be used.

Managing Secrets using the CLI

Creating a Secret

To create a new secret, use the taskurai secret create command:

taskurai secret create --name containerregistrypassword --value "XXX1..."

Updating a Secret

To update an existing secret, use the taskurai secret update command:

taskurai secret update --name containerregistrypassword --value "XXX1..."

Showing a Secret

To view the properties of an existing secret, use the taskurai secret show command:

taskurai secret show --name containerregistrypassword

Info: The secret value will never be returned.

Listing Secrets

To list all global secrets, use the taskurai secret list command:

taskurai secret list

Removing Secrets

To delete a secret, you can use the taskurai secret delete command:

taskurai secret delete --name containerregistrypassword

Alternatively, run the delete command without a name and select the secret(s) from the list:

taskurai secret delete

Setting up your Solution File

For ease of deployment and documentation purposes, it is recommended to store the names of global secrets in the configuration file:

taskurai-workers/Taskurai.yaml
options:
...
secrets:
- containerregistrypassword
- myglobalsecret
workers:
...

Tip: The name of the secret must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character.

Using Secrets in Worker Configuration

Global secrets can be used in:

  • Worker secret configuration
  • Worker container configuration

Refer to Worker Configuration for more information on how to use global secrets.

Integration in a Deployment Pipeline

If your global secrets are already available in your deployment pipeline (e.g., Azure DevOps Pipelines, GitHub Actions), the Taskurai setup can remain the same. First, define the names of your global secrets in the solution YAML file:

taskurai-workers/Taskurai.yaml
options:
...
secrets:
- containerregistrypassword
- myglobalsecret
workers:
...

Next, call the taskurai worker deploy command in the pipeline:

taskurai worker deploy \
  --secret-overrides containerregistrypassword=mypassword \
  --secret-overrides myglobalsecret=abc
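
The pipeline step above, written so that the values are read from the pipeline's environment rather than typed into the command, with each name checked against the naming rule given under Setting up your Solution File. This is an added example, not Taskurai's own tooling; the TASKURAI_SECRET_* variable convention and the TASKURAI_BIN override are assumptions.

```shell
#!/bin/sh
# Added example, not Taskurai's own tooling. POSIX sh; defines functions only.
LC_ALL=C; export LC_ALL   # make a-z in patterns mean ASCII lower case only

# Naming rule from this page: lower case alphanumerics, '-' or '.',
# starting and ending with an alphanumeric character.
valid_secret_name() {
  case "$1" in
    '' | *[!a-z0-9.-]*) return 1 ;;        # empty, or a character outside the set
    [!a-z0-9]* | *[!a-z0-9]) return 1 ;;   # first or last character not alphanumeric
  esac
  return 0
}

# Assumed convention (hypothetical): the value of secret "my.secret-2" is read
# from the exported environment variable TASKURAI_SECRET_MY_SECRET_2.
secret_env_var() {
  printf 'TASKURAI_SECRET_%s' "$(printf '%s' "$1" | tr 'a-z.-' 'A-Z__')"
}

# deploy_with_secrets NAME...
# Runs `taskurai worker deploy` with one --secret-overrides per NAME.
# Returns 1 on an invalid name and 2 when a value is missing; nothing is
# deployed in either case. TASKURAI_BIN is a hypothetical override for testing.
deploy_with_secrets() {
  _remaining=$#
  while [ "$_remaining" -gt 0 ]; do
    _name=$1; shift; _remaining=$((_remaining - 1))
    if ! valid_secret_name "$_name"; then
      echo "invalid secret name: $_name" >&2; return 1
    fi
    _var=$(secret_env_var "$_name")
    _value=$(printenv "$_var") || _value=
    if [ -z "$_value" ]; then
      echo "no value in \$$_var for secret $_name" >&2; return 2
    fi
    # Rotate: the consumed name is replaced by its override at the end of "$@".
    set -- "$@" --secret-overrides "$_name=$_value"
  done
  "${TASKURAI_BIN:-taskurai}" worker deploy "$@"
}
```

In a pipeline step, map the pipeline's secret variables to the TASKURAI_SECRET_* names and call `deploy_with_secrets containerregistrypassword myglobalsecret`.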